EU proposals to update data protection laws are too prescriptive, according to a new Report by the Justice Select Committee.

Sir Alan Beith MP, Chairman of the Justice Committee, said:

"The current data protection laws for general and commercial purposes need to be updated, as they do not account for the digital world. However, we agree with the Information Commissioner’s assessment that the system set out in the draft Regulation 'cannot work' and is 'a regime which no-one will pay for'. Therefore, we believe that the Commission needs to go back to the drawing board and devise a regime which is much less prescriptive".

The processes and procedures that are specified within the proposals do not allow for flexibility or discretion for businesses or other organisations which hold personal data, or for data protection authorities. The Committee therefore concluded that the proposals should focus on those elements that are required to achieve the Commission’s objectives, whilst compliance should be entrusted to Member States’ data protection authorities.

The MPs were responding to a request from the European Scrutiny Committee for its opinion on both the draft Regulation and draft Directive. These instruments would give EU citizens new data protection rights as set out in the Charter of Fundamental Rights of the European Union and the Lisbon Treaty.

Despite its criticisms, the Committee welcomes the potential benefits that an updated law could bring. For individuals, their rights would be strengthened, and in particular the new framework would guard against some of the more unwelcome and often criticised aspects of digital data processing. For example, the draft Regulation sets out the rights of individuals to access their personal data, to have it rectified or erased, to object to processing and not to be subject to profiling. From a business perspective, the benefits would mainly accrue through the effective harmonisation of laws. Sir Alan Beith MP said:

"We understand that multinational firms have been lobbying heavily for greater harmonisation. We can also see how harmonisation will also aid small and medium sized companies who wish to offer their goods and services across borders. Currently a firm would have to deal with 27 separate sets of domestic legislation, and may be put off by the potential legal costs of complying with each. Whilst multinationals can take on this burden, small firms cannot. If the draft Regulation is passed, this worry will be removed as the law in Romania will be the same as in Sweden, and indeed within the UK itself".

"We have been told that the draft Directive does not apply to domestic processing by law enforcement agencies within the UK. This needs to be placed beyond doubt. Additionally, it needs to be made clear that the Directive must not impact on the ability of the police to use common law powers to pass on information in the interests of crime prevention and public protection".